Skip to content

L
libvirt

openeuler / libvirt

通知 3
Star 0
Fork 0
L
libvirt

体验新版 GitCode,发现更多精彩内容 >>

提交 3b1d19e6 编写于 作者: I intrigeri 提交者: Guido Günther
浏览文件
操作

AppArmor: add rules needed with additional mediation features brought by Linux 4.14.

上级 2f3054c2
隐藏空白更改
内联 并排
Showing with 8 addition and 0 deletion
examples/apparmor/libvirt-qemu
浏览文件 @ 3b1d19e6
...@@ -16,6 +16,10 @@ ...@@ -16,6 +16,10 @@
network inet stream, network inet stream,
network inet6 stream, network inet6 stream,
ptrace (readby, tracedby) peer=/usr/sbin/libvirtd,
signal (receive) peer=/usr/sbin/libvirtd,
/dev/net/tun rw, /dev/net/tun rw,
/dev/kvm rw, /dev/kvm rw,
/dev/ptmx rw, /dev/ptmx rw,
......
examples/apparmor/usr.sbin.libvirtd
浏览文件 @ 3b1d19e6
...@@ -34,6 +34,7 @@ ...@@ -34,6 +34,7 @@
network inet dgram, network inet dgram,
network inet6 stream, network inet6 stream,
network inet6 dgram, network inet6 dgram,
network netlink raw,
network packet dgram, network packet dgram,
network packet raw, network packet raw,
...@@ -42,6 +43,9 @@ ...@@ -42,6 +43,9 @@
ptrace (trace) peer=/usr/sbin/dnsmasq, ptrace (trace) peer=/usr/sbin/dnsmasq,
ptrace (trace) peer=libvirt-*, ptrace (trace) peer=libvirt-*,
signal (send) peer=/usr/sbin/dnsmasq,
signal (read, send) peer=libvirt-*,
# Very lenient profile for libvirtd since we want to first focus on confining # Very lenient profile for libvirtd since we want to first focus on confining
# the guests. Guests will have a very restricted profile. # the guests. Guests will have a very restricted profile.
/ r, / r,
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册